ISO/IEC 27005 Risk Manager

Here you have the best PECB Risk Manager practice exam questions

You have 5 total questions to study from
Each page has 5 questions, making a total of 1 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 14, 2025
This site is not affiliated with or endorsed by PECB.

Question 1 of 5

Can organizations obtain certification against ISO 31000?

Yes, organizations of any type or size can obtain certification against ISO 31000

Yes, but only organizations that manufacture products can obtain an ISO 31000 certification

No, organizations cannot obtain certification against ISO 31000, as the standard provides only guidelines

Correct Answer: C

Question 2 of 5

Scenario 1 -
The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers’ personal data.
Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.
According to scenario 1, what type of controls did Henry suggest?

Technical

Managerial

Administrative

Correct Answer: C

Question 3 of 5

Which of the following risk assessment methods provides an information security risk assessment methodology and involves three phases build asset-based threat profiles, identify infrastructure vulnerabilities, and develop security strategy and plans?

OCTAVE-S

MEHARI

TRA

Correct Answer: A

Question 4 of 5

Does information security reduce the impact of risks?

Yes, information security reduces risks and their impact by protecting the organization against threats and vulnerabilities

No, information security does not have an impact on risks as information security and risk management are separate processes

Yes, information security reduces the impact of risks by eliminating the likelihood of exploitation of vulnerabilities by threats

Correct Answer: A

Question 5 of 5

An organization has installed security cameras and alarm systems. What type of information security control has been implemented in this case?

Technical

Managerial

Legal

Correct Answer: A